AU2012293712B2 - Method for managing and checking data from different identity domains organized into a structured set - Google Patents
- Publication number
- AU2012293712B2
- Authority
- AU
- Australia
- Prior art keywords
- identity
- derived
- identity data
- person
- managing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3255—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/42—Anonymization, e.g. involving pseudonyms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Collating Specific Patterns (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to a method and system for managing and checking different identity data relating to a person. According to the invention, a derived-identity management server generates for the person at least part of the identity data with which said person can be authenticated in relation to a service provider for the derived-identity domain, on the basis of information derived from identity data from parent domains. The identity data generation processing ensures that no link can be established from two authentications in two separate domains in the absence of link information. If necessary, said link information is transmitted by a parent domain to a derived-identity server so that the latter establishes the link between the identity data of the derived-identity domain and the identity data of the parent domain, e.g. for the cascade revocation of a person from various domains.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1157261 | 2011-08-09 | ||
FR1157261A FR2979044B1 (en) | 2011-08-09 | 2011-08-09 | METHOD FOR MANAGING AND CONTROLLING DATA OF DIFFERENT FIELDS OF IDENTITY ORGANIZED IN THE ENHANCEMENT STRUCTURE |
PCT/EP2012/065153 WO2013020890A1 (en) | 2011-08-09 | 2012-08-02 | Method for managing and checking data from different identity domains organized into a structured set |
Publications (2)
Publication Number | Publication Date |
---|---|
AU2012293712A1 (en) | 2014-03-27 |
AU2012293712B2 (en) | 2016-07-21 |
Family
ID=46639494
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
AU2012293712A Active AU2012293712B2 (en) | 2011-08-09 | 2012-08-02 | Method for managing and checking data from different identity domains organized into a structured set |
Country Status (11)
Country | Link |
---|---|
US (1) | US9407637B2 (en) |
EP (1) | EP2742645B1 (en) |
JP (2) | JP2014529124A (en) |
CN (1) | CN103858377B (en) |
AU (1) | AU2012293712B2 (en) |
BR (1) | BR112014003054B1 (en) |
CA (1) | CA2844762C (en) |
FR (1) | FR2979044B1 (en) |
IL (1) | IL230870A (en) |
RU (1) | RU2602785C2 (en) |
WO (1) | WO2013020890A1 (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR3005185B1 (en) * | 2013-04-30 | 2015-04-17 | Morpho | METHOD FOR GENERATING AT LEAST ONE DERIVED IDENTITY |
EP3257194B1 (en) | 2015-02-11 | 2020-04-15 | Visa International Service Association | Systems and methods for securely managing biometric data |
US10069824B2 (en) | 2015-05-12 | 2018-09-04 | Branch Banking And Trust Company | Biometric signature authentication and centralized storage system |
RU2739262C1 (en) * | 2020-04-05 | 2020-12-23 | Эрвью.ТВ, Инк. | Information presentation control method |
US11824896B2 (en) | 2020-04-06 | 2023-11-21 | Exonym GmbH | Cross-service rulebook management in a dynamic and adversarial environment |
US11962573B2 (en) | 2021-10-26 | 2024-04-16 | Genetec Inc | System and method for providing access to secured content field |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1164745A2 (en) * | 2000-06-09 | 2001-12-19 | TRW Inc. | System and method for usage of a role certificate in encryption, and as a seal, digital stamp, and a signature |
WO2009028794A2 (en) * | 2007-08-24 | 2009-03-05 | Electronics And Telecommunication Research Institute | Method for providing anonymous public key infrastructure and method for providing service using the same |
US20100310070A1 (en) * | 2007-12-21 | 2010-12-09 | Morpho | Generation and Use of a Biometric Key |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7028180B1 (en) * | 2000-06-09 | 2006-04-11 | Northrop Grumman Corporation | System and method for usage of a role certificate in encryption and as a seal, digital stamp, and signature |
US6993596B2 (en) * | 2001-12-19 | 2006-01-31 | International Business Machines Corporation | System and method for user enrollment in an e-community |
FR2834598B1 (en) * | 2002-01-04 | 2004-02-20 | France Telecom | METHOD AND DEVICE FOR ANONYMOUS SIGNATURE USING A SHARED PRIVATE KEY |
US7793095B2 (en) * | 2002-06-06 | 2010-09-07 | Hardt Dick C | Distributed hierarchical identity management |
WO2005116794A1 (en) * | 2004-05-28 | 2005-12-08 | Koninklijke Philips Electronics N.V. | License management in a privacy preserving information distribution system |
US7315941B2 (en) * | 2004-12-17 | 2008-01-01 | Ntt Docomo Inc. | Multi-certificate revocation using encrypted proof data for proving certificate's validity or invalidity |
JP4727353B2 (en) * | 2005-09-06 | 2011-07-20 | 株式会社Kddi研究所 | Identification information generation management device, system, and program |
CN101039182B (en) * | 2007-03-07 | 2010-08-11 | 广东南方信息安全产业基地有限公司 | Authentication system and method for issuing user identification certificate |
CN101272395B (en) * | 2008-05-20 | 2012-07-11 | 北京交通大学 | Hierarchical access control method of communication network |
US20100122080A1 (en) | 2008-11-11 | 2010-05-13 | Electronics And Telecommunications Research Institute | Pseudonym certificate process system by splitting authority |
US8024777B2 (en) * | 2008-11-20 | 2011-09-20 | Mark Kevin Shull | Domain based authentication scheme |
- 2011
  - 2011-08-09 FR FR1157261A patent/FR2979044B1/en active Active
- 2012
  - 2012-08-02 CA CA2844762A patent/CA2844762C/en active Active
  - 2012-08-02 AU AU2012293712A patent/AU2012293712B2/en active Active
  - 2012-08-02 US US14/237,556 patent/US9407637B2/en active Active
  - 2012-08-02 RU RU2014106962/08A patent/RU2602785C2/en active
  - 2012-08-02 WO PCT/EP2012/065153 patent/WO2013020890A1/en active Application Filing
  - 2012-08-02 EP EP12743968.5A patent/EP2742645B1/en active Active
  - 2012-08-02 JP JP2014524342A patent/JP2014529124A/en active Pending
  - 2012-08-02 BR BR112014003054-5A patent/BR112014003054B1/en active IP Right Grant
  - 2012-08-02 CN CN201280044555.5A patent/CN103858377B/en active Active
- 2014
  - 2014-02-06 IL IL230870A patent/IL230870A/en active IP Right Grant
- 2018
  - 2018-03-28 JP JP2018062496A patent/JP6688823B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
JP2018137788A (en) | 2018-08-30 |
US20140181932A1 (en) | 2014-06-26 |
CN103858377B (en) | 2017-02-22 |
FR2979044B1 (en) | 2013-08-30 |
IL230870A0 (en) | 2014-03-31 |
EP2742645A1 (en) | 2014-06-18 |
BR112014003054B1 (en) | 2022-04-12 |
US9407637B2 (en) | 2016-08-02 |
JP2014529124A (en) | 2014-10-30 |
RU2602785C2 (en) | 2016-11-20 |
CN103858377A (en) | 2014-06-11 |
IL230870A (en) | 2017-09-28 |
CA2844762C (en) | 2020-07-28 |
FR2979044A1 (en) | 2013-02-15 |
BR112014003054A2 (en) | 2017-02-21 |
RU2014106962A (en) | 2015-09-20 |
CA2844762A1 (en) | 2013-02-14 |
AU2012293712A1 (en) | 2014-03-27 |
JP6688823B2 (en) | 2020-04-28 |
EP2742645B1 (en) | 2018-10-03 |
WO2013020890A1 (en) | 2013-02-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2012293712B2 (en) | Method for managing and checking data from different identity domains organized into a structured set | |
WO2012142045A3 (en) | Multiple tokenization for authentication | |
MX337986B (en) | Systems, methods, and computer program products for managing secure elements. | |
WO2012096791A3 (en) | Methods and systems for distributing cryptographic data to authenticated recipients | |
GB2495448A (en) | Security model for workflows aggregating third party secure services | |
WO2013113025A3 (en) | Authenticating entities engaging in automated or electronic transactions or activities | |
WO2013134290A3 (en) | Digital content delivery | |
BR112016017947A2 (en) | METHOD IMPLEMENTED BY COMPUTER, ACCESS DEVICE, AND SYSTEM | |
GB2502736A (en) | System and method for analyzing messages in a network or across networks | |
WO2014015100A3 (en) | Systems and methods for validating treatment instructions | |
WO2012098543A3 (en) | System and method for computerized negotiations based on coded integrity | |
GB2518099A (en) | Systems and methods for identity authentication using a social network | |
WO2010011919A3 (en) | Http authentication and authorization management | |
GB2509278A (en) | Network user identification and authentication | |
MY168469A (en) | Systems and methods for enhancement of single sign-on protection | |
WO2011106404A3 (en) | Multifactor authentication using a directory server | |
MX362308B (en) | Method and system for verifying an access request. | |
GB2513753A (en) | Consolidating disparate cloud service data and behavior based on trust relationships between cloud services | |
MX2018003580A (en) | Acceleration of online certificate status checking with an internet hinting service. | |
MX346982B (en) | Injection data management system and method. | |
FI20115184A0 (en) | Method and apparatus for measuring unit cohesion | |
NZ702250A (en) | Network based management of protected data sets | |
GB2513070A (en) | Confidential information access via social networking web site | |
MY184704A (en) | A system and method for authenticating a user based on user behaviour and environmental factors | |
PH12014502072A1 (en) | Method and system using a cyber id to provide secure transactions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FGA | Letters patent sealed or granted (standard patent) |